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^ (54) Title: SYSTEM FOR SECURING DATA ON A DATA CARRIER 
OS 

(57) Abstract: System for protecting data on a data carrier on which a medium code is stored in an accessible manner and on which 
data is stored which is only accessible after presenting an access code, which system comprises: a) an apparatus incorporating, a 
suitably progranmied processor, a user interface, a mobile telephone incorporating a SIM-card, b) a central station incorporating a 
' — ; further suitably programmed processor co-operating with a number of memories for storing valid medium codes and valid SIM codes 
2 and valid access codes. The processor in the apparatus can be connected through the telephone and through a suitable communication 
network to the further processor in the central station whereby the SIM-code of the telephone and the medium code of the cairier are 
^ transferred to the further processor to be processed into an access code after which the resulting combination of codes is compared 
^ with the codes stored in said memories, after which in case of a valid code combination a coded access permission is sent to the 
^ processor enabling the software to read the data from the data carrier. 
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System for securing data on a data carrier. 

The invention relates to the system for secxiring data on a data carrier. Especially, 
5 but not exclusive the invention relates to CD-ROM's en DVD^s as data carrier. These 
data carriers can comprise very large amounts of data, which data is acquired often with 
great effort (financial and/or manpower and/or equipment) and represents therefore a 
significant value for the owner. Howeva*, copying such data cannot be prevented under 
all circumstances. 

10 W099441 14 describes means for securing the access to predefined applications 

in a computer system. Use is made of a SIM code which is normally stored in a mobile 
telephone and is a unique identification item for said telephone. This SIM code forms 
the basis for authorizing the user of the telephone and enabling access to selected appli- 
cations on the computer system. 

15 US5784460 describes a system for retrieving selected software fix)m a storage 

device whereby the software is encrypted. Based on the serial number of the computer 
which is connected to the store^e device and a unique password a decryption key will 
be provided for decrypting the respective software. 

EP0965938 describes a device for performing financial transactions by means of 

20 smart cards comprising memory means in which monetary values are loaded. The de- 
vice comprises one or more card detectors for sensing the presence of a card. The de- 
vice comprises fiirthermore a biometric recognition device for identifying the user of 
the device. Only in case the user is recognized as an authorized person a transaction can 
be performed whereby monetary values are transferred ftom the card top a third party 

25 or firom the third party to the card. 

WO9921094 describes a system wherein a unique identification number is as- 
signed to a computer. On the basis of the identification number at least one security 
information set is generated for the computer and a data string is generated for the 
authorized user. From said string a security information set can be derived to function- 

30 ally enable the computer. 

A purpose of the invention is now to indicate how the use of copied data without 
paying a suitable price therefore can be prevented. 
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The invention now provides a system for protecting data on a data carrier on 
which a medium code is stored in an accessible n[iamier and on which data is stored 
which is only accessible after presenting an access code, which system comprises: 
a) an apparatus incorporating 
5 - a suitably programmed processor which during operation co-operates wi& the 
data carrier, 

a user interface which enables the processor to communicate with the user, 

a mobile telephone incorporating a SIM-card in which a SIM-code is stored and 

which is coupled to the processor, 

10 b) a central station incorporating: 

a further suitably programmed processor co-operating with 
a number of memories for storing valid medium codes and valid SIM codes and 
valid access codes wtdch are generated by the further processor by applying a 
predetermined algorithm on each valid combination of SIM code and medium 

15 code , 

whereby the processor in the apparatus through the telephone and through a suitable 
communication network can be connected to the further processor in the central station 
whereby the SIM-code of the telephone and the medium code of the carrier are trans- 
ferred to the further processor to be processed into an access code after which the le- 

20 suiting combination of codes is compared with the codes stored in said memories, 

after which in case of a valid code combination a coded access permission is sent to the 
processor enabling the software to read the data from the data carrier. 

If the combination is not found the central station will transmit a code through the 
telephone (and through the network) to the processor as a result of which the processor 

25 will, through the user interfece, make it clear to the user that said user does not have 
access to the data on the data carrier and that for acquiring said access it is necessary to 
pay an also mentioned price. Furthermore the processor will ask the user by means of a 
thereto suited interaction with the processor, for instance by hvt not restricted to press- 
ing a predetermined button confirm that he/she wants to pay or for mstance but not 

30 restricted to by the pressing of anotiier button refuses to pay. In case the user confirms 
his willingness to pay than the combination of medium code, SIM-code and access 
code will be stored in this central system for eventual later authentication and the user, 
which is identified by his SIM-code, will be debited for the agreed amount. 
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In such a system the iiser of the data carrier has to traosmit the medium code to 
the central station together with the SIM-code of its mobile telephone. Before the data 
carrier can be read by the software both codes have to be transmitted through the mo- 
bile telephone to the central station to check if these codes are valid and if the combi- 
S nation is present in combination with a predetermined access code. Only if the combi- 
nation is found and the access code is valid the access permission is returned. The ac- 
cess code is genmited by the software in the central station on the basis of the trans- 
forward medium code and SIM-code. If the required combination of codes is not found 
initially no access will be granted and the user will be informed through a coded mes- 

10 sage which the central station transmits through the mobile telephone to the processor 
after which the processor will inform the user about this message through the user in- 
ter&ce. Furthermore the user will be asked if he wants to obtain access by paying a 
mentioned price. The users response will be transmitted through the mobile telephone 
to the central system. In case the response is positive the code combination will be sto- 

15 red in the central system for eventual future authentication. In case the response is 
negative the central station will transmit a coded message through the mobile telephone 
to the processor for denying access after which the procedure is broken off. 

In case a copy of the data carrier is made then, in case said copy is read in combi- 
nation with another SIM-code, after authentication in the central system it will appear 

20 that said combination of codes is not present, after which the user is asked if he is wil- 
ling to pay the required price. Use in combination with the same SIM-code in general 
indicates use by the same user, which is no problem, or points to a stolen SIM-code. 
Considering the security measures which are tak^ for that situation the chance thereon 
will be considered as sufi&cient small to accept the risk. 

25 As abeady said the invention is specifically directed to data carriers on vMch 

large amounts of data can be stored. To avoid tiiat various different v^ions of the data 
carriers have to be made, each with another collection of data files determined for a 
specific user group it is prefenned to store all files on one carrier and to take measures 
such that a user is only able to access predetermined files. 

30 In that respect a preferred embodiment of the system has the characteristic that 

the data carrier comprises a predetermined amount of data and that the software at any 
sxiitable moment during the start up procedure through a dialogue with the user and 
through the user interface determmes to which sections of the data and during which 
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periods the user will have access, which information is transferred in coded form back 
to the central station, where it is processed together with the mediuna code and the 
SIM-code into an access code which after said debiting procedure in combination with 
tiie medium code and SIM-code is stored in the central station and is transferred there- 
S after to the processor with the result that the software is only enabled to obtain access 
to selected data during selected periods. This explains also why in tiie first discussed 
embodiment there is a validity check on the access code. 

The special access code signal determines therefore vdiich sections of the data 
can be read. 

10 If a complete legal system has abeady been used according the rules and nothing 

is changed to the configuration than it can be assumed that at the next start up of the 
system the legal data carrier is still present In fact the exchange of codes is then super- 
fluous. A system which takes that into account has according to the invention the fur- 
ther characteristic that it stores the during earlier operation received access situation in 

15 the processor and that the processor comprises or is connected to means for detecting 
removal of the data carrier, which means in case the data carrier is not removed since 
the last operation enable the software to obtain access to the data with the stored access 
situation. 

The invention will be explained in more detail hereinafter with reference to a 
20 specific embodiment whereby it is remarked that the invention is not restricted thereto. 
Furthermore the attention will be drawn to the attached figure. 

Said figure illustrates a simple embodiment of the system according to the inven- 
tion. In the figure schematically a system is shown comprising the data carri^ 1 inser- 
ted info a data carrier reader 1 1, a processor 2, and a user interface 3. The components 
25 1, 2, 3 and 1 1 are mstalled within an apparatus which is in general indicated by 1 0. Said 
apparatus has furtiiermore a communication port 7 providing a two-way connection to a 
mobile telephone 4. Finally the system comprises a central station 5 with a two-way 
conmranication module 8, a processor 9 and a number of memories such as 12 and 13, 
the function of \i^ch will be explained hereinafter. The processor 2 is functioning un- 
30 der control of suitable software to properly control the components 1, 2, 3, 7, and 11 
and eventual further components and further electronic circuits which are not men- 
tioned in detail because liiey are not important for understanding the invention. 
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The data carrier 1 can be embodied preferably as a CD-ROM or a DVD. Howe- 
ver, the inventioa is certainly not restricted thereto but includes also hard discs, magne- 
tic tape or surface memories, semiconductor memories and other type of memories or 
combinations of different types having preferably a large stors^e capacity. The data 
5 carrier stores not only a large amount of data but also a unique medium code MC by 
means of vMch the specific data earner 1 can be distinguished from all other data car- 
riers. This medium code MC is stored in a section of the data carrier which is always 
accessible for the carri^ reader. The data is stored in sections which are only accessible 
using a permission code or stored in encrypted format whereby a decryption a key is 
10 needed. 

As an example the apparatus 10 is destined to provide travel information to the 
driv^ of a vehicle for instance by indicating on a suitable display which road to drive 
to the destination and/or which petrol stations there are in the vicinity and/or which 
hotels there are in the next town or village. Systems of such a type are known and 
15 widely available on the market and do not need further explanation. Most of these sys- 
tems make use of data carriers which store the necessary data which data has to be up- 
dated once and a while to keep track with changes in the road system, etc. For that pur- 
pose the user has to buy now and then an updated data carrier. 

As already indicated the central station 5 comprises a number of memories for storing 
20 series of code numbers, such as the memory 12 for storing medium codes and the 
memory 13 for storing SIM codes. In fact the memory 12 contains the medium codes of 
all data carriers which are legally produced and are brought on the market by author- 
ised providers. The memory 13 comprises the SIM codes of all mobile telephones of all 
persons who have legally acquired the right to use a data carrier, for instance by buying 
25 the datacarrier from one of said abovementioned providers. 

Afi^ installation of the apparatus but before actual use thereof the medium code 
MC of the datacarrier and the SIM code of the mobile telephone have to be transferred 
to the central station S to inform this station that the respective codes firom now on are 
m use. Each mobile telephone 4 comprises in a suitable manner a SIM card or memory 
30 with a SIM-code. During mitiation of the telephone 4 this SIM code is transferred to 
the central station 5 and compared with the codes stored in a SIM-memory 13. A label 
can be added for instance to the respective SIM code indicating that said code is in use. 
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The central station 5 preferably will comprise a further memory 14 for storing 
access codes AC which can be derived from a SIM code and an MC code by perform- 
ing a specific algorithm in the processor 9. As soon as ihe SIM code aad the related 
MC code are received for the first time in the central post S this algorithm is applied 
S and the resulting access code AC is stored into the further memory 14. 

During the start up of the whole system first of all the processor 2, after initiatmg 
the therein present software, will control the telephone 4 to establish contact with the 
central post S. Thereby the SIM code is transferred automatically to the central post S, 
wherein said SIM code is temporarily stored by the processor 9. The software in pro- 

10 cessor 2 is furthermore embodied such that the processor 2 will read the medium code 
MC firom Ihe carrier 1 and will transmit this code (eventually together with the SM- 
code) to tiie central station 5. Botii codes MC and SIM are processed by the processor 9 
in the above-indicated manner into an access code AC. The now available combination 
of the three codes SIM, MC and AC is compared with the series of code combinations 

15 in the memories 12, 13 and 14. If the correct access code AC in combination with the 
specific SIM code and MC code is recognised an access code signal TC is transferred 
back from processor 9 to the processor 2 through communication module 8, mobile 
telephone 4 and communication module 7. The access code signal TC enables the soft- 
ware in the processor 2 to read (or decrypt) data from the data carrier and to use said 

20 data in the further curcuits of the apparatus 10. 

If no valid combination of codes SIM, MC and AC is found by processor 9 then a 
signal will be transmitted back through modules 7 and 8 and through the telephone 4 to 
Hlg processor 2 on the basis of which the processor 2 informs the user ^mugk the user 
interface 3 thaX a certain price has to be paid to obtain access and asks if tbe user is pre- 

25 pared to pay said price. In case the user through a predetermined action, for instance by 
pressing a predetermined button in the user inter&ce or in another manner, responds 
positively to said question than this positive response will be transferred back through 
module 7 and 8 and through the telephone 4 to the processor 9 in the central post 5. 
Therein the MC code is already recognised as valid, the user is identified by his SIM- 

30 code which SIM code is now stored and labelled as in use in memory 13 and the user 
will be debited on the basis thereof. Furthermore the combination of medium code, 
SIM-code and gaaerated access code AC will be stored as valid. In case the whole pro- 
cedure will be repeated at a later stage the transmitted combination of codes MC and 
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SIM and the therefrom generated access code AC will now be recognised in the central 
station 5 as a valid combination so that an access signal TC can be returned. 

In case a copy is made of Ihe data carrier 1 than this copy will carry the same 
medimn code MC. The person who wants to use tiiis copy will however have a telep- 
5 hone 4 with another SIM-code. If now said person tries to activate the whole system 
than first of all his SM-code will be transferred to the station 5 together with the me- 
dium code MC. On the basis thereof the processor 9 will generate an access code which 
in combination with the two other codes is not recognised as valid combination. In the 
same way as e>q)lained above the user will be asked if he wants to pay for the data and 

10 if he/she responds positively a valid access code will be generated after which the deb- 
iting procedure will be activated as described above. So, for the use of an illegal copy 
the same price have to be paid as for a legal copy so that the problem of using illegal 
copies is disappeared. 

In general the data carrier 1 will comprise a certain amount of data which does 

15 not have to be completely accessible for a certain user or does not have to be accessible 
at all times. In that case the system can be embodied such that, after it the apparatus 10 
is activated, a dialog will be initiated between the central station 5 and the user dxiring 
which dialog the user indicates which data during which period he likes to access. This 
information is transferred back the central station 5 which thereafter transmits a special 

20 access code signal TC* back to the apparatus 10 such that the software enables to the 
processor 2 to gain access only to the indicated data and during an indicated period. 

A further code can be added to the system by incorporating a processor code in 
each processor in each apparatus 10. Therewith not only the data carrier and the tele- 
phone is checked as being a valid component in the system but also the apparatus 10 

25 can be recognised as valid or unvalid. The processor code is transferred with the SIM 
code and the medium code MC to the central station 5 and stored in the processor 9 . 
The PC code is compared with a series of processor codes stored in a suitable memory 
15. 

A further addition to the system could be a carrier presence detector. Such a de- 
30 tector can determine if the carrier has been temporarily removed from the reader since 
the carrier was last used in a legal maimer. If the carrier is still present and if the same 
telephone or another telephone which is recognised as valid is used then in fact access 
can be granted without further checking. 



wo 01/57469 



PCT/NLOl/00086 



8 

CLAIMS 

1 . System for protecting data on a data carrier on which a medium code is stored in 
an accessible manner and on which data is stored which is only accessible after pie- 

5 senting an access code, which system comprises: 

a) an q)paratus incorporating 

a suitably programmed processor which during operation co-operates with the 
data carrier, 

a user inter&ce which enables the processor to communicate with the user, 
10 - a mobile telephone incorporating a SIM-card in which a SIM-code is stored and 
which is coupled to the processor, 

b) a central station incorporating: 

a further suitably programmed processor co-operating with 
a number of memories for storing valid medium codes and valid SIM codes and 
15 valid access codes which are generated by the further processor by applying a 

predetermined algorithm on each valid combination of SIM code and medium 
code , 

whereby the processor in the apparatus through the telephone and through a suitable 
communication network can be connected to the further processor in the central station 
20 whereby the SIM-code of the telephone and the medium code of the carrier are trans- 
ferred to the further processor to be processed into an access code after which the re- 
sulting combination of codes is compared with the codes stored m said memories, 
after which in case of a valid code combination coded access permission is sent to the 
processor enabling the software to read the data from the data carrier. 

25 

2. System according to claim 1, characterized in that the processor comprises a pro- 
cessor code v^iich preceding the jSrst use is stored in a processor code memory in the 
central station and that during start up of the operation also the processor code together 
with the SIM-code and the medium code is transmitted to the central station and com- 

30 pared with the therein stored processor code, whereafter m case of correspondence of 
all three codes an access code signal is sent to the processor enabling the software to 
read data fix>m the data carrier. 
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3* System according to claim 1 of 2, characterized in that the data carrier comprises 
one of more data iiles and that the software at a suitable moment during the start up 
procedure through a dialog with the user determines to which files the user wants to 
have access, which information is transferred to the central station resulting in a special 
5 access code signal enabling the software to obtain access only to selected files. 

4. System according to one of the preceding claims^ characterized in that the access 
code signal which is received in the apparatus during first use is stored in de processor 
and that the processor comprises or is coimected to means for detecting the removal of 
10 the data carrier, which means in case the data carrier is not removed since last opera- 
tion, enables the software to obtain access to the data using the stored access code sig- 
nal. 
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